Privacy Policy

Last updated: 2 March 2026

Deucalion® ("we", "us", "our") operates the Deucalion® mobile application and web portal at deucalion.uk. This policy explains what data we collect, how we use it, and your rights under UK data protection law.

1. Data we collect

Account information — name, email address, phone number (optional), and professional certification details (e.g. SDI certification ID).

Inspection data — site details (name, address, contacts), system and asset information (serial numbers, specifications, photos), inspection records (dates, results, environmental readings, engineer signatures), and defect reports.

Photos and evidence — images you capture or upload during inspections. Stored securely and accessible only to you and your organisation.

AI processing inputs — audio recordings submitted for transcription, images submitted for text extraction (OCR), and chat messages sent to the AI assistant. We log token usage for quota management.

Device information — push notification tokens, device platform (iOS, Android, or web), and IP addresses recorded in our audit log.

Payment information — subscription tier and status. Payment processing is handled entirely by Apple (App Store) or Google (Play Store) via RevenueCat. We do not receive or store your card details.

Waitlist entries — email address and company name submitted via the landing page.

2. How we use your data

• To provide the inspection, reporting, and compliance features of the app
• To generate certificates, quotes, and reports from your inspection data
• To process AI transcription, OCR, and analysis requests
• To manage your subscription and enforce usage quotas
• To send transactional emails (invitations, assignments, certificates, quotes)
• To send push notifications you have opted into
• To maintain audit logs for compliance and security
• To improve the service and fix errors

3. Legal basis for processing

We process your data under the following bases (UK GDPR):

• Contract performance — to provide the service you signed up for
• Legitimate interests — security, fraud prevention, service improvement, and audit logging
• Consent — for optional features like push notifications and waitlist registration

4. Third-party services

We use the following services to operate Deucalion®:

• Supabase (EU) — authentication, database hosting, and photo storage
• Anthropic (US) — AI-powered transcription analysis, OCR, and assistant features via the Claude API
• Resend (EU) — transactional email delivery
• RevenueCat (US) — subscription management and in-app purchase verification
• Railway (US) — application hosting
• Cloudflare — DNS and domain management
• Plausible Analytics (EU) — privacy-friendly website analytics (no cookies, no personal data)
• Apple / Google — app distribution and payment processing

Some data is transferred to processors outside the UK. Where this occurs, appropriate safeguards (such as Standard Contractual Clauses) are in place.

5. Data retention

We retain your data for as long as your account is active. Inspection data and audit logs are retained for compliance purposes. You can delete individual items (photos, AI conversations) at any time through the app. If you close your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate compliance purposes.

6. Data security

All data is transmitted over HTTPS. Passwords are managed by Supabase Auth and never stored in our application. Photos are served via time-limited signed URLs (1-hour expiry). Access to inspection data is restricted to the owner and their organisation members.

7. Your rights

Under UK data protection law, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (right to erasure)
• Object to processing based on legitimate interests
• Export your data in a portable format
• Withdraw consent for optional processing
• Lodge a complaint with the Information Commissioner's Office (ICO)

8. Children's privacy

Deucalion® is a professional tool for qualified engineers. We do not knowingly collect data from anyone under 16. If you believe we have, please contact us immediately.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app or email. The "last updated" date at the top reflects the most recent revision.

10. Contact

For privacy-related queries, contact us at privacy@deucalion.uk.